MS15-044: Description of the security update for Silverlight 5: May 12, 2015

Summary

This article describes a security update for Microsoft Silverlight 5 that is dated May 12, 2015. Silverlight is a cross-browser, multi-environment plug-in that delivers the next generation of Microsoft .NET-based media experiences and rich interactive applications for the web.
This security update is an upgrade to earlier versions of Silverlight. If your computer does not have Silverlight installed, you can obtain the installer from Microsoft Update or Windows Server Update Services (WSUS).

This security update includes functional, performance, reliability, and security improvements. Additionally, this security update is backward-compatible with web applications that were created for earlier versions of Silverlight. Additionally, this security update fixes the issues that are described in the More Information section.

More Information

Fixes and improvements in this security update

This security update includes the following improvements and fixes the following issues:

Issue 1

Fixes the security vulnerability that is described in Microsoft Knowledge Base (KB) article 3057110. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
3057110 MS15-044: Vulnerabilities in Microsoft font drivers could allow remote code execution: May 12, 2015

Issue 2

Fixes the security vulnerability that is described in KB article 3058985. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
3058985 MS15-049: Vulnerability in Silverlight could allow elevation of privilege: May 12, 2015

Issue 3

Fixes an issue with displaying text in the UI Gothic font on Windows 8 and later versions.

Issue 4

Fixes a crash in Microsoft Silverlight Configuration that is seen on some systems when the user clicks the Application Storage list box.

Changes in this security update

After you apply this security update in Windows, you cannot uninstall a standard (unelevated) out-of-browser application by starting it, right-clicking it, and then selecting Remove this application. The command is no longer displayed. You have to uninstall the out-of-browser application from the Programs and Features item in Control Panel.

How to obtain this security update

Microsoft Silverlight site

The Silverlight installer includes all previous updates in addition to this security update. To install the latest version of Silverlight, go to the following Microsoft website:

Microsoft Update

This security update is available on Microsoft Update and is also available through WSUS. If an earlier version of Silverlight is installed on the computer, this security update is offered as Security Update for Microsoft Silverlight (KB 3056819).

Update replacement information

This security update replaces the following security update:
2932677 MS14-014: Vulnerability in Silverlight could allow security feature bypass: March 11, 2014

File information

The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time and with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.
For all supported 64-bit releases of Microsoft Silverlight 5 for Windows
For all supported 32-bit releases of Microsoft Silverlight 5 for Windows
For all supported versions of Microsoft Silverlight 5 for Macintosh

References

For more information about Silverlight, go to the following Microsoft websites:
Properties

Article ID: 3056819 - Last Review: May 12, 2015 - Revision: 1

Feedback